Question

a. Apply the following data to evaluate the time-based model of security for the XYZ Company. Does the XYZ Company satisfy the requirements of the time-based model of security? Why?• Estimated time for attacker to successfully penetrate system = 25 minutes• Estimated time to detect an attack in progress and notify appropriate information security staff = 5 minutes (best case) to 10 minutes (worst case)• Estimated time to implement corrective actions = 6 minutes (best case) to 20 minutes (worst case)b. Which of the following security investments to you recommend? Why?1. Invest $50,000 to increase the estimated time to penetrate the system by 4 minutes2. Invest $50,000 to reduce the time to detect an attack to between 2 minutes (best case) and 6 minutes (worst case)3. Invest $50,000 to reduce the time required to implement corrective actions to between 4 minutes (best case) and 14 minutes (worst case).